Make WordPress Core

Changeset 37025

03/17/2016 03:52:40 AM (7 years ago)

Docs: Clarify documentation for the xmlrpc_enabled filter to better explain that its scope only extends to methods requiring authentication.

When the xmlrpc_enabled filter was initially introduced in [21509], it was effectively intended to replace the `enable_xmlrpc' UI option, which only controlled whether authenticated XML-RPC methods were enabled, such as for publishing actions. This change clarifies the expected behavior and adds information about ways to more granularly control XML-RPC method and request behavior with related hooks.

Part props mensmaximus.
See #21509. Fixes #36055.

1 edited


  • trunk/src/wp-includes/class-wp-xmlrpc-server.php

    r36661 r37025  
    249249        /**
    250          * Filter whether XML-RPC is enabled.
    251          *
    252          * This is the proper filter for turning off XML-RPC.
     250         * Filter whether XML-RPC methods requiring authentication are enabled.
     251         *
     252         * Contrary to the way it's named, this filter does not control whether XML-RPC is *fully*
     253         * enabled, rather, it only controls whether XML-RPC methods requiring authentication - such
     254         * as for publishing purposes - are enabled.
     255         *
     256         * Further, the filter does not control whether pingbacks or other custom endpoints that don't
     257         * require authentication are enabled. This behavior is expected, and due to how parity was matched
     258         * with the `enable_xmlrpc` UI option the filter replaced when it was introduced in 3.5.
     259         *
     260         * To disable XML-RPC methods that require authentication, use:
     261         *
     262         *     add_filter( 'xmlrpc_enabled', '__return_false' );
     263         *
     264         * For more granular control over all XML-RPC methods and requests, see the {@see 'xmlrpc_methods'}
     265         * and {@see 'xmlrpc_element_limit'} hooks.
    253266         *
    254267         * @since 3.5.0
Note: See TracChangeset for help on using the changeset viewer.